RIPEM and SSLeay seem to like MD5. RIPEM uses MD2 for it's X.509
certificates but MD5 for it's MIC-Info. There are a bunch of MD5
programs out there and a number written in Java. Bruce Schneier says "I am
wary of MD5" on pge 441 of Applied Cryptography. He states before that
that MD5 hasn't been provven insecure, but weaknesses have been found in
the compression function. If he is wary of this algorithm, then why is
it so popular? It's by far more prevelant than any other message digest
I've seen.
It is worse than Schneier says -- there are newer results now. See the current
issue of RSA's CryptoBytes publication, Volume 2 Number 2, Summer 1996, for
details. Online copies are available in
http://www.rsa.com/rsalabs/cryptobytes/.
The bottom line is that new application should no longer specify MD5 as a MIC.
And MD2 has been obsolete for some time. Use either SHA-1 or RIPEMD-160.
(I prefer the former.)
Ned